The main changes are changing localaccount to pull in the glasgow centric grid-mapfile.
localaccount = "lcmaps_localaccount.mod"
" -gridmapfile /usr/local/etc/grid-mapfile-local"
# " -gridmapfile /etc/grid-security/grid-mapfile"
Some small tweaks are required to move localaccount from the last check to the first check. If this is successful it uses that account, otherwise it moves to check voms and pool accounts.
glexec_get_account:
proxycheck -> localaccount
localaccount -> good | vomslocalgroup
#proxycheck -> vomslocalgroup
vomslocalgroup -> vomspoolaccount | poolaccount
vomspoolaccount -> good | vomslocalaccount
vomslocalaccount -> good | poolaccount
poolaccount -> good #| localaccount
glexec_verify_account:
proxycheck -> localaccount
localaccount -> good | vomslocalgroup
#proxycheck -> vomslocalgroup
vomslocalgroup -> vomspoolaccount | poolaccount
vomspoolaccount -> good | vomslocalaccount
vomslocalaccount -> good | poolaccount
poolaccount -> good #| localaccount
SCAS is works in the same way and all that is required is to change the localaccount setting to pull in our Glasgow local grid-mapfile a'la
localaccount = "lcmaps_localaccount.mod"
" -gridmapfile /usr/local/etc/grid-mapfile-local"
# " -gridmapfile /etc/grid-security/grid-mapfile"
Job done. I can now flit between gla or pool accounts depending on my existence in /usr/local/etc/grid-mapfile-local
Job id Name User Time Use S Queue
------------------------- ---------------- --------------- -------- - -----
2013.svr008 cream_441636610 ssp001 0 R q2d
2014.svr008 cream_963867097 gla057 0 Q q2d
1 comment:
However, this still doesn't help if you are staging files to your CREAM CE. It stills needs to use gridftp which uses your proxy to utilise a pool account to make the connection. This is fine and dandy until you start switching to using local accounts like above in lcmaps. Suddenly staging ceases to work as gridftp even though the local user has the same group or secondary group as the pool user.
Post a Comment